Protect Programs From Test Administration Myths

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

Test administration is where the rubber really meets the road for testing programs. It’s where test takers have their first exposure to your tests, assuming, of course, that your program has good security. Test administration is a complex link in the chain of the testing process that is so specialized, the majority of testing programs rely on business partners to manage the process.

There is a sacred trust implicit in handing over your tests to a third-party business partner for administration to test takers. Offering high-stakes tests means you have a high-stakes relationship. Understanding and communicating your needs is an important part of any healthy relationship. Understanding and respecting the abilities and limits of one’s partner is both fair and realistic.

Over the past decade, I’ve managed prominent information technology certification programs, and I’ve been deeply involved in a testing industry trade association. As guest pundit, there are a few important observations that I’d like to share:



  • If you own a test, you are ultimately responsible for the entire testing process. Even if another party has assumed responsibility for your asset, you are the one who ultimately will deal with the consequences of a problem.
  • All test-delivery organizations I’ve seen are concerned about your test security. Resources are devoted to preventing problems from occurring, as well as following up and fixing them when they do occur. They are only one link in the chain of test custody, however — a systematic approach to security is necessary.
  • Your tests can be administered with near 100 percent security, provided you were willing to pay enough for it, and your test takers could tolerate the inconvenience. Meanwhile, back in the real world, compromises are made.
  • Knowledge puts you in the driver’s seat. Good testing program managers regularly check key security metrics and periodically audit their security posture, as well as their partners’. Proactive management is less expensive and less demanding than putting out fires.
  • Your optimal test security posture is determined by understanding your risks, your risk tolerance and your remedies. If you are uncertain of any of these important variables, get competent assistance.
  • Checks and balances make for good management. We all look to impartial, independent experts to verify many aspects of our business lives and to fill in our blind spots. Due diligence is an ongoing process, not a one-time task.


I’ve dealt with a variety of security problems in my career, and I’ve seen still more among my industry colleagues.

Most security issues are like slow leaks in a car’s tire: inconvenient, distracting, a drag on the efficiency and often unnoticed. Proper maintenance and safety checks make a difference. Test administration partners perform a critical service, but you own the car.

I personally experienced a security “blowout” several years ago — circumstance forced me to pull a popular test from the market. I lived to tell the tale, and I learned a lot about security and risk management in the process. My wish for you is that your path to knowledge is far more pleasant.

Robert Pedigo is co-founder and senior security director at Caveon Test Security ( He founded the Oracle Certified Professional Program and managed Sun Certification. He can be reached at editor (at) certmag (dot) com.

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|